this post was submitted on 17 Oct 2023
1 points (100.0% liked)

Self-Hosted Main

511 readers
1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

For Example

We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.

Useful Lists

founded 1 year ago
MODERATORS
 

I'm using a self-hosted installation of PHPList to manage a newsletter.

Subscribers can be added via a POST to this URL:

https://www.[WEBSITE]/lists/?p=subscribe

It's presently overrun by bots.

I added this to .htaccess to block this URL

RewriteEngine On

RewriteCond %{QUERY_STRING} ^p=subscribe$ [NC]

RewriteRule ^ - [F]

Now, if you visit the subscription page above it will give a 403 error.

But, you can still add subscribers by using a POST to this URL.

How can I actually block folks from using this URL to subscribe?

top 3 comments
sorted by: hot top controversial new old
[–] [email protected] 1 points 1 year ago

Do you have any access logs on the server? Or can you enable them? Examine your logs and see what the bots are accessing, then block that?

[–] [email protected] 1 points 1 year ago

I know, I know 'BuT It's NOt seLFhOStEd!' but I just let the pros deal with bots and front that kind of stuff with Cloudflare.

If you've privacy concerns you can always have that one thing on a specific subdomain and only enable Cloudflare on that, whilst keeping the rest of your subdomains unproxied.

Alternatively can't you add a capture (again, giving up a bit of privacy).

[–] [email protected] 1 points 1 year ago

This is one of the cases where there’s a real practical advantage to having a reverse proxy in front of your site/software. The proxy could be configured very easily to drop any access to that specific URL .